summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--prog/ž/app.html19
-rw-r--r--prog/ž/index.php3
2 files changed, 14 insertions, 8 deletions
diff --git a/prog/ž/app.html b/prog/ž/app.html
index 544db56..6502e5f 100644
--- a/prog/ž/app.html
+++ b/prog/ž/app.html
@@ -242,10 +242,10 @@ async function paynow () {
let sender = await sec1_from_pubkey(await pubkey_from_string("me"));
let rcpt = await sec1_from_pubkey(window.recipient);
let amount32 = new Uint8Array(4);
- amount32[3] = amount.value % 256;
- amount32[2] = (amount.value >> 8) % 256;
- amount32[1] = (amount.value >> 16) % 256;
- amount32[0] = (amount.value >> 24) % 256;
+ amount32[3] = eval(amount.value) % 256;
+ amount32[2] = (eval(amount.value) >> 8) % 256;
+ amount32[1] = (eval(amount.value) >> 16) % 256;
+ amount32[0] = (eval(amount.value) >> 24) % 256;
amount.value = "";
let comm = new TextEncoder().encode(comment.value);
let comm256 = new Uint8Array(256);
@@ -309,12 +309,12 @@ async function pubkey_from_string (s) {
return false;
}
async function paypossible () {
- if (amount.value == "") {
- console.log("paypossible: empty amount field");
+ if (!eval(amount.value)) {
+ console.log("paypossible: invalid amount field");
pay.disabled = true;
return;
}
- if (!(Number(amount.value) <= 4294967296 && Number(amount.value) >= 0)) {
+ if (!(Number(eval(amount.value)) <= 4294967296 && Number(eval(amount.value)) >= 0)) {
console.log("paypossible: amount invalid");
pay.disabled = true;
return;
@@ -324,6 +324,11 @@ async function paypossible () {
pay.disabled = true;
return;
}
+ if (sec1.value.length < 1) {
+ console.log("paypossible: bad sec1 pubkey -- too short");
+ pay.disabled = true;
+ return;
+ }
window.recipient = await pubkey_from_string(sec1.value);
if (recipient == false) {
console.log("paypossible: recipient pubkey bad");
diff --git a/prog/ž/index.php b/prog/ž/index.php
index 5b46ce1..dc2a2f5 100644
--- a/prog/ž/index.php
+++ b/prog/ž/index.php
@@ -299,11 +299,12 @@ switch ($_REQUEST["e"] . "-" . $_SERVER["REQUEST_METHOD"]) {
@$balances[$tx->recipient] += $tx->amount;
}
response(200);
- foreach ($balances as $key => $value) // do not trust balances provided by this API, since they
+ foreach ($balances as $key => $value) { // do not trust balances provided by this API, since they
$packed = pack("q", $value); // are cast to machine dependent int by php
if (pack("Q", 123) === pack("P", 123)) // machine is little endian
$packed = strrev($packed);
echo $key . $packed;
+ }
break;
default:
response(400, "unknown endpoint or method not allowed", TEXT);